1 / 10

The Privacy Act and Allowable Information sharing within MSD

The Privacy Act and Allowable Information sharing within MSD. Caroline Doust Information Architect. Allowable data Sharing within MSD. Introduction This paper addresses the extent to which data management best practices can be applied to client data within MSD.

hashim
Télécharger la présentation

The Privacy Act and Allowable Information sharing within MSD

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Privacy Act and Allowable Information sharing within MSD Caroline Doust Information Architect

  2. Allowable data Sharing within MSD • Introduction • This paper addresses the extent to which data management best practices can be applied to client data within MSD. • There is a potential conflict between the record once and use for many purposes data management best practice principle and the requirements of NZ Privacy Legislation. • This paper has been developed with consultation and review by the Legal Office.

  3. Allowable data Sharing within MSD • The Privacy Act • Outlines a series of principles for the collection and use of client information. It also outlines a number of circumstances where exceptions may be made. • MSD interpret the act conservatively so unless we are sure a use is permissable we should not do it without discussion with Legal to establish its legitimacy.

  4. Allowable data Sharing within MSD • Good Data Management Practice • Common Data management functionality is not duplicated across systems. • Changes made to data for one service line are reflected in similar data in other service lines. • Any data needed to provide an appropriate client service should be shared from other service lines.

  5. Allowable data Sharing within MSD • Privacy Act deals with actual use of information not the ease with which a non-compliant use could be made. • Thus we can have information from different service lines share the same database as long as we do not match that information across service . E.g. two copies of the same client’s personal details one from CYF and one from work and Income can co-exist in the same tables. • So duplication of data management functionality can always be avoided.

  6. Allowable data Sharing within MSD • Privacy Act applies to cross service line sharing • Without appropriate client notification we may not use information collected for any purpose other than that for which it is collected. • Exceptions to this apply on a case by case basis. • We may also not collect information unless it is needed to fulfill our responsibilities under legislation.

  7. Allowable data Sharing within MSD • Ministry’s Privacy Statement • Each client of a non-CYF service is presented with the Ministry’s privacy statement that indicates that information collected is able to be used for the purposes of the legislation administered by MSD • The client usually signs the statement but need not do so for it to apply. To meet the requirements of the Privacy act MSD only needs to inform the client of intended uses. It does not need to seek permission. • This means that sharing of information pursuant to any of the Ministry’s legislation including CYF legislation is permitted for any such client.

  8. Allowable data Sharing within MSD • Services without Privacy Statement • CYF clients do not sight a privacy statement • Therefore CYF data cannot by default be shared with other service lines, however CYF can share data from other Ministry Service Lines if it needed for a legislated CYF need.

  9. Allowable data Sharing within MSD • Unique Client Identifier • Principle 12 of the Privacy Act states that “an agency cannot assign a unique identifier to a client unless it is necessary for the agency to carry out one or more of its functions efficiently. • We have assumed in the case of non-CYF clients that we can assign such an identifier, presumably on efficiency grounds, but legal is not aware of having ever been consulted on the issue. Therefore we should be ready to justify such use.

  10. Allowable data Sharing within MSD • Conclusion • The Privacy Act does not preclude MSD from developing common business processes or common applications. However it does provide restrictions on information sharing especially where a privacy statement has not been sighted. • In particular CYF client’s information cannot be shared by default with other service lines.

More Related